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1.1. 


2.2. 


2.3: 
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2.6. 


Purpose 


The Regulatory Committee supports the Management Board in 
providing strategic oversight of the ICO’s regulatory delivery, 
including methodologies, decision making and processes in line with 
our strategic enduring objectives, to ensure that these are effective 
and fit for purpose. 


Responsibilities 
The Committee is responsible for scrutinising regulatory impact, 
performance and service provision by the ICO. 


The ICO’s regulatory delivery framework sets out six elements for 
successful regulatory delivery. 


This includes the pre-requisites of successful regulatory delivery: 


° Governance Framework - Purpose, structure, landscape, 
powers and responsibilities 


e Accountability - Transparency mechanisms and effectively 
empowering and building the capacity of others to hold the 
regulator to account 


e Culture - Leadership, values and competence 


The framework also includes the operational practices required for 
successful regulatory delivery: 


° Outcome measurement 
e Risk-based prioritisation 
e Intervention measurement 


These elements inter-relate and do not operate in isolation or in 
order of precedence. 


Using the context of these six elements of regulatory delivery set 
out in the framework, regulatory committee will provide scrutiny 
around the following key questions: 


° Is the ICO undertaking regulatory activity in a way that 
appropriately takes account of and delivers on our range of 
statutory duties, strategic objectives, and overarching 
strategic objectives? Is this being carried out in a sufficiently 
open and transparent manner to deliver regulatory certainty? 


e Is the ICO’s regulatory activity effectively delivering the 
desired outcomes as set out in our current strategic plan? Is 
our activity empowering organisations to use data responsibly 
and innovatively whilst also protecting people, especially the 
vulnerable? 


° Are our measures for tracking the impact of our regulatory 
activity effective? Do these measures indicate where we 
should assign our activity, or where we need to change 
approaches? 


e Have we taken account of the wider context of political, social 
and economic issues when considering the risks and 
opportunities of our regulatory activity? 


a Have we achieved a high level of assurance on having the 
right skills, structures and culture in place in order to deliver 
our regulatory work? Are there areas to address to provide 
the committee with that assurance? 


2.7. The Committee will not have any role in advising the Commissioner 
or his staff on individual cases. 


3. Authority 


3.1. The Committee’s authority derives from the Management Board. 


3.2. The Committee operates based on collective decision making 
principles and a ‘majority vote’ in circumstances where a consensus 
view cannot be reached. 


3.3. The Commissioner, as a Corporation Sole, will always have the right 
to set a course of action that is contrary to the majority view of the 
Committee. Nothing in these terms of reference shall detract from 
the authority of the Information Commissioner as Accounting Officer 
and as a Corporation Sole. 


3.4. The Committee is authorised, where necessary, to obtain any 
external advice it deems as reasonable. The Committee is also 
authorised to call any ICO staff to be present at the meeting as 
required. 


4. Links to other bodies 


Management Board 


4.1. After each Committee meeting, the Chair will report to the next 
meeting of the Management Board to update the Board on any key 


matters considered by the Committee. Where necessary, matters 
may be referred directly to Management Board rather than being 
considered by Regulatory Committee. 


Regulatory Delivery Board 


4.2. 
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6.2. 


6.3. 


The Regulatory Delivery Board is the SLT Board responsible for 
overseeing, managing and co-ordinating our delivery of regulatory 
functions. The Deputy Commissioner - Regulatory Supervision and 
Deputy Commissioner - Regulatory Policy chair the Regulatory 
Delivery Board and attends all meetings of the Regulatory 
Committee. 


Chair 


The Information Commissioner will chair the Committee. 


If they deem it necessary, they may designate a deputy chair of the 
Committee. 


Composition 

The members of the Committee are: 

e Chair: Information Commissioner 

e Deputy CEO and COO 

e Deputy Commissioner - Regulatory Supervision 

e Deputy Commissioner - Regulatory Policy 

e Chair of Policy Board (Director of Regulatory Policy Projects) 
e Three Non-Executive Directors 


The Committee may appoint an Independent Member with 
appropriate experience. 


The Committee may invite any other ICO staff or Non-Executive 
Directors to attend meetings, whether for full meetings or parts of 
meetings. The Committee may require such staff to attend 
whenever needed to transact business of the Committee. 


Quorum 


The quorum is three, including at least one Executive and one Non- 
Executive Director. 


Information requirements 


8.1. 


8.2. 


10.1. 
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The Committee should ensure that arrangements are in place to 
enable it to discharge its responsibilities effectively, including the 
timely provision of information in an appropriate form and quality to 
enable thematic discussion of the elements of regulatory delivery. 
Information updates should aid this wide-ranging discussion at the 
strategic delivery level. This may include, as appropriate to the 
regulatory delivery elements, information on: 


° Delivery of ICO25 regulatory objectives, statutory codes, 
regulatory duties and reviews. 


o Delivery of the ICO’s statutory duties 


° The impact of any novel or contentious legal action on 
regulatory delivery 


e Significant monetary penalties issued (or similar significant 
regulatory action) 


° Outcomes of any internal audits related to the Committee’s 
role. 


° Outcomes of any lessons learned exercises in relation to 
regulatory activities. 


The Committee is authorised to obtain external legal or other 
professional advice as required. There are no specific limits on cost 
of this, so long as the Committee is satisfied that the cost is 
reasonable. 


Budget 


The Committee is not responsible for a specific budget. Where the 
Committee’s actions require a budget, this will be funded from a 
relevant Directorate budget. 


Secretariat 
Secretariat is provided by the Corporate Governance Team. 
Frequency of meetings 


The Committee will meet at least three times per year. The Chair 
may call additional meetings as necessary. 


Links to other forums 


The Committee’s place in the overall governance structure is set out 
in the diagram below. 


Management 
Board 


Audit & Risk ene Tern People Regulatory 
Committee Committee Committee 


Remuneration 
Advisory Sub- 
Committee 


Senior Leadership 
Team 


SLT Boards (inc 
Regulatory 
Delivery Board) 


